Vulnerability Details CVE-2010-2672
Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.4%
CVSS Severity
CVSS v2 Score 7.5
References
- http://ez.no/de/content/download/321165/3192248/version/1/file/16397.diff
- http://ez.no/de/content/download/321166/3192253/version/1/file/16398.diff
- http://ez.no/de/developer/security/security_advisories/ez_publish_4_2/ezsa_2010_001_remote_vulnerability_in_ez_search
- http://osvdb.org/63237
- http://osvdb.org/63238
- http://secunia.com/advisories/39101
- http://www.securityfocus.com/bid/38985
- http://www.siberas.de/advisories/advisories_2010.html
- http://ez.no/de/content/download/321165/3192248/version/1/file/16397.diff
- http://ez.no/de/content/download/321166/3192253/version/1/file/16398.diff
- http://ez.no/de/developer/security/security_advisories/ez_publish_4_2/ezsa_2010_001_remote_vulnerability_in_ez_search
- http://osvdb.org/63237
- http://osvdb.org/63238
- http://secunia.com/advisories/39101
- http://www.securityfocus.com/bid/38985
- http://www.siberas.de/advisories/advisories_2010.html
Products affected by CVE-2010-2672
-
cpe:2.3:a:ez:ez_publish:3.7.0
-
cpe:2.3:a:ez:ez_publish:3.7.1
-
cpe:2.3:a:ez:ez_publish:3.7.10
-
cpe:2.3:a:ez:ez_publish:3.7.11
-
cpe:2.3:a:ez:ez_publish:3.7.12
-
cpe:2.3:a:ez:ez_publish:3.7.2
-
cpe:2.3:a:ez:ez_publish:3.7.3
-
cpe:2.3:a:ez:ez_publish:3.7.4
-
cpe:2.3:a:ez:ez_publish:3.7.5
-
cpe:2.3:a:ez:ez_publish:3.7.6
-
cpe:2.3:a:ez:ez_publish:3.7.7
-
cpe:2.3:a:ez:ez_publish:3.7.8
-
cpe:2.3:a:ez:ez_publish:3.7.9
-
cpe:2.3:a:ez:ez_publish:4.2.0